SB20240531380 - Memory leak in Linux kernel hw hfi1 driver
Published: May 31, 2024 Updated: May 14, 2025
Security Bulletin ID
SB20240531380
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Memory leak (CVE-ID: CVE-2024-26839)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the init_credit_return() function in drivers/infiniband/hw/hfi1/pio.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/stable/c/2e4f9f20b32658ef3724aa46f7aef4908d2609e3
- https://git.kernel.org/stable/c/cecfb90cf71d91e9efebd68b9e9b84661b277cc8
- https://git.kernel.org/stable/c/3fa240bb6b2dbb3e7a3ee1440a4889cbb6207eb7
- https://git.kernel.org/stable/c/52de5805c147137205662af89ed7e083d656ae25
- https://git.kernel.org/stable/c/f0d857ce31a6bc7a82afcdbadb8f7417d482604b
- https://git.kernel.org/stable/c/b41d0ade0398007fb746213f09903d52a920e896
- https://git.kernel.org/stable/c/8412c86e89cc78d8b513cb25cf2157a2adf3670a
- https://git.kernel.org/stable/c/809aa64ebff51eb170ee31a95f83b2d21efa32e2
- https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.308
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.211
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.150
- https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.270
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.80
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.19
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.7.7
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.8